---
### Fail2Ban einrichten ###
# Make sure the fail2ban package is installed (generic package module, so the
# same task works on apt- and yum-based hosts; tagged for both families).
- name: fail2ban IDS installieren
  ansible.builtin.package:
    name: fail2ban
    state: present
  tags:
    - apt
    - yum
# neue Konfiguration einspielen
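# Write the jail definitions into jail.local so the packaged jail.conf stays
# untouched across package upgrades. This task only writes the file; fail2ban
# still has to be reloaded/restarted before the jails take effect (presumably
# handled by a later task of this 1/4..4/4 sequence -- confirm).
- name: Konfiguration fuer fail2ban einspielen (1/4)
  ansible.builtin.blockinfile:
    path: /etc/fail2ban/jail.local
    backup: false
    create: true
    owner: root
    group: root
    # quoted so YAML does not turn the octal literal into the integer 420
    mode: "0644"
    state: present
    # NOTE: the marker text identifies the managed block on every host that is
    # already provisioned. Renaming it (e.g. because the block now also holds
    # the f2b-loop jails) would leave the old block in place and add a second
    # [sshd] section, so it is deliberately kept as is.
    marker: "### {mark} ANSIBLE MANAGED BLOCK - SSHD RULES"
    block: |
      [sshd]
      enabled = true
      # informational only: the "route" banaction below null-routes the whole
      # host and does not use the port
      port = ssh
      # name of the filter -- filename of the filter in
      # "/etc/fail2ban/filter.d/" without the .conf/.local extension. Only one
      # filter can be specified.
      filter = sshd
      # Never banned: localhost, VLAN 20 (DV), sdvuda10 (IP from multiple
      # subnets/VLANs), VPN IP ranges. Every address in these ranges is exempt
      # from brute-force throttling entirely, so a compromised host inside them
      # can hammer sshd unhindered -- keep the list as small as possible.
      # Only IPv4 loopback is listed; add ::1 if sshd also listens on IPv6.
      ignoreip = 127.0.0.1/8 {{ vault_net_vlan_20 }} {{ vault_net_vlan_vpn_4 }} {{ vault_net_vlan_vpn_5 }} {{ vault_net_vlan_vpn_6 }} {{ vault_uda_vlan_10 }} {{ vault_uda_vlan_11 }} {{ vault_uda_vlan_13 }} {{ vault_uda_vlan_14 }} {{ vault_uda_vlan_21 }}
      # number of failures that have to occur in the last findtime seconds to
      # ban the IP.
      maxretry = 5
      # effective ban duration (in seconds): 3 minutes
      bantime = 180
      # window (in seconds) in which maxretry failures are counted before the
      # counter is reset: 30 minutes
      findtime = 1800
      # Do not resolve hostnames that appear in log lines. sshd logs the client
      # IP (OpenSSH default UseDNS no), and with a blackhole banaction a resolved,
      # attacker-influenced name could get an unrelated address null-routed.
      # TODO(review): confirm sshd_config has "UseDNS no"; otherwise use "warn".
      usedns = no
      # banaction "route" (/etc/fail2ban/action.d/route.conf) adds a null route
      # for the offending IP, i.e. it blocks ALL traffic from that host, not only
      # ssh. Kernel routes do not survive a reboot; fail2ban re-applies bans that
      # are still active from its database on start (subject to dbpurgeage).
      banaction = route

      # Escalation jails: they watch fail2ban's own log for repeated bans of the
      # same host and re-ban it for longer. The "f2b-loop" filter is not part of
      # the fail2ban package and must exist in /etc/fail2ban/filter.d before the
      # service is reloaded, otherwise these jails fail to start (presumably
      # created by a later task -- confirm). The filter should ignore Ban lines
      # logged by the f2b-loop jails themselves, or one ban cascades through all
      # three. TODO(review): on fail2ban >= 0.11 "bantime.increment = true"
      # provides this escalation natively and would replace the jails below.
      [f2b-loop2]
      enabled = true
      filter = f2b-loop
      # 10 minutes
      bantime = 600
      # 120 minutes
      findtime = 7200
      logpath = /var/log/fail2ban.log
      maxretry = 5
      [f2b-loop3]
      enabled = true
      filter = f2b-loop
      # 6 hours
      bantime = 21600
      # 24 hours
      findtime = 86400
      logpath = /var/log/fail2ban.log
      maxretry = 5
      [f2b-loop4]
      enabled = true
      filter = f2b-loop
      # 1 week
      bantime = 604800
      # 30 days -- only meaningful if logrotate keeps at least that much of
      # /var/log/fail2ban.log; check the fail2ban logrotate policy.
      findtime = 2592000
      logpath = /var/log/fail2ban.log
      maxretry = 10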